Optimising and Securing VMware Environments with Runecast Analyzer

Overview of Runecast Analyzer

A brief overview of a product which helps reduce troubleshooting time, identify issues and helps with making your vSphere system compliant. The biggest issue I see in vSphere environments is maintaining security and hardware compatibility with the HCL. The features of Runecast certainly would appear to help resolve these issues. See the key features as I see in this product. (not an exhaustive list)

Key Features (from my perspective)

  • Config KB checks
  • Best Practise
  • Security reports
  • Hardware compatibility checks
  • Logs and KBs Discovered
  • Plugin Runecast for vSphere Client
  • vRealize Orchestrator – Remediation options

Requirements

  • Base appliance starts as min spec – 2vcpu 4GB RAM appliance

Runecast Dashboard (example)

Simple clear dashboard, also available using a plugin for the vSphere Client.

  • Config KB checks

The headache in my life resolved, identify config issues highlighted.

What a useful feature, it pulls the info from the VMware Knowledge base and shows resolution

  • Best Practise

Check best practise (run a scan, only takes 1 or 2 mins.)

NTP example

SSH example enabled

  • Security reports

Security and compliance

Analyse against compliance example report and recommendations

Example if PCI DCSS (target specific PCI clusters if your required)

  • Hardware compatibility checks

Hardware Compatibility check only too often get over looked when updates and upgrades happen. Then boom things go wrong and how do you start troubleshooting the unknown. So, this feature looks good to help keep you on track.

Drill down to see the issue example

  • Logs and KBs Discovered

Logs being reviewed, another nice feature

  • Plugin Runecast for vSphere Client (The plugin mentioned at the start)
  • vRealize Orchestrator – (Remediation options with Runecast example)

This is just a brief overview of a product to help save your IT resources time and effort in managing and maintaining the vSphere environment. Seems useful to me.

How to install Next Generation ESXi 7.0 version !!

How to install Next Generation ESXi 7.0 version.

How to install Next Generation ESXi 7.0 version !!

All the VMware professionals are exciting for the new generation of vSphere 7 announcement and General Availability starting from April 02. There are lots of great enhancement done on this vSphere 7 version especially the inbuilt Kubernetes availability and support functionality. This post …Read More


VMware Social Media Advocacy

vSphere ESXi 6.7 Unable to talk between subnets between hosts

Configuration was :

ESXi 6.7 – vSphere handling all the port groups tagged with VLANs

Firewall – CISCO ASA

 

Problem : New ESXi 6.7 hosts. A virtual machine if on the same host and vSwitch could communicate no problem. However if a virtual machince was communincating with another virtual machine on another host on a different, subnet they were unable to communicate between subnets and hosts. Both virtual machines could ping their local gateways. Firewall, CISCO ASA was just dropping all packets and showing the following error

Error on the Firewall when capturing ping traffic “No source port  on ping “Error (Type 8, Code 0), Denied ICMP type=8, code=0”

 

Solution

Sometimes its the simple tick box on the Firewall / ASA config

“Enable traffic between two or more interfaces which are configured with the same security levels”

All traffic started communicating and the virtual machines could talk between the subnets as per the rules on the Firewall.